
OpenShift won't match the OKTA openid provider preferred username


    • Bug
    • Resolution: Not a Bug
    • 4.12.z
    • oauth-apiserver

      Description of problem:

      
      IHAC, where the Okta OpenID provider is configured and login works. However, when a user logs in for the first time, the sub is set as the user ID in OpenShift instead of his "preferred_username".
      As a result, groups can't be synced.
      
      We investigated, and we see that the data in Okta should be fine and the OpenID configuration is fine as well; OpenShift just doesn't receive any information about the user.
      
      After increasing the authentication log level to Debug, we see similar behavior in the logs (will be attached).
      
      Is it possible that OpenShift ignores the configuration?
      Is it possible that a proxy, if in place, could strip certain data from the response body?
      
          

      Version-Release number of selected component (if applicable):

      OpenShift 4.12 (but most likely affected in 4.15 as well)
          

      How reproducible:

      n/a - customer can reproduce
          


              slaznick@redhat.com Stanislav Láznička (Inactive)
              rhn-support-vwalek Vladislav Walek
              Deepak Punia Deepak Punia (Inactive)
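
A diagnostic sketch for the symptom reported above, added here as an example and not taken from the ticket or from OpenShift's code: it decodes the payload of an ID token and reports which claim a preferred-username mapping would pick. It assumes the first non-empty listed claim wins and that `sub` is used otherwise; the tokens, subject value and function names are constructed for illustration.

```python
import base64
import json

def decode_id_token_claims(token: str) -> dict:
    """Return the payload claims of a compact JWS ID token.
    Inspection only: the signature is NOT verified here."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    claims = json.loads(base64.urlsafe_b64decode(payload))
    if not isinstance(claims, dict):
        raise ValueError("JWT payload is not a JSON object")
    return claims

def resolve_username(claims: dict, mapping=("preferred_username",)):
    """Pick the first non-empty string claim named in `mapping`.
    Assumption for this example: if none is present, the subject ("sub")
    becomes the user name, which is the symptom the ticket describes.
    Returns (username, source_claim)."""
    for name in mapping:
        value = claims.get(name)
        if isinstance(value, str) and value.strip():
            return value, name
    if "sub" not in claims:
        raise ValueError("token carries neither a mapped claim nor 'sub'")
    return claims["sub"], "sub"

def _constructed_token(claims: dict) -> str:
    """Build an unsigned sample token (constructed test data, not a real one)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed samples: one token with only "sub", one with the profile claim.
THIN = _constructed_token({"sub": "00u1example", "iss": "https://idp.example"})
FULL = _constructed_token({"sub": "00u1example", "preferred_username": "jdoe"})

if __name__ == "__main__":
    for label, tok in (("thin", THIN), ("full", FULL)):
        print(label, resolve_username(decode_id_token_claims(tok)))
```

Running the same check on the token the cluster actually receives, rather than on what the provider's admin console shows, tells you whether the claim is missing at the source or lost in transit.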